Abstract. In the last few years there has been a growing interest in the use of symbolic models for the 
formal verification and control design of purely continuous or hybrid systems. Symbolic models are abstract 
descriptions of continuous systems where one symbol corresponds to an "aggregate" of continuous states. 
In this paper we face the problem of deriving symbolic models for nonlinear control systems affected by 
disturbances. The main contribution of this paper is in proposing symbolic models that can be effectively 
constructed and that approximate nonlinear control systems affected by disturbances in the sense of alternating 
approximate bisimulation. 



1. Introduction 

An emerging trend in the control systems and computer science communities is the use of symbolic models for 
the analysis and control design of purely continuous or hybrid systems [EFP06]. Symbolic models are abstract 
descriptions of continuous systems where each symbol corresponds to an "aggregate" of continuous states 
[Tab09]. The use of symbolic models provides a formal approach to solve control problems in which software 
and hardware interact with the physical world. Moreover, it provides the designer with a systematic method 
to address a wide spectrum of novel specifications that are difficult to enforce by means of conventional control 
design paradigms. Examples of such specifications include logic specifications expressed in linear temporal 
logic or automata on infinite strings. 

The literature on symbolic models is very broad and includes results on timed automata [AD90], rectangular 
hybrid automata [HKPV98] and o-minimal hybrid systems [LPS00, BM05]. Early results for classes of control 
systems were based on dynamical consistency properties [CW98], natural invariants of the control system 
[KASL00], $l$-complete approximations [MRO02] and quantized inputs and states [FJL02, BMP02]. Recent 
results include work on piecewise-affine and multi-affine systems [HCS06, BH06], set-oriented discretization 
approach for discrete-time nonlinear optimal control problem [Jun04] and abstractions based on convexity of 
reachable sets for sufficiently small sampling time [Rei09]. Symbolic models for nonlinear control systems, 
time-delay systems and switched systems based on the notions of approximate bisimulation [GP07] and 
incremental stability [Ang02] have been studied in [PGT08, PT09], [PPDT10, PPDB10] and [GPT10]. 
In this paper we face the problem of deriving symbolic models for nonlinear control systems affected by 
disturbances. The presence of disturbances requires us to replace the notion of approximate bisimulation employed 
in [PGT08, GPT10, PPDT10] with the notion of alternating approximate bisimulation introduced in [PT09] 
and inspired by Alur and coworkers' alternating bisimulation [AHKV98]. As discussed in [PT09, Tab09] this 
notion is a key ingredient when constructing symbolic models of systems affected by disturbances because 
it guarantees that control strategies synthesized on the symbolic models can be readily transferred to the 
original model. The existence of alternating approximately bisimilar symbolic models for incrementally stable 
nonlinear control systems affected by disturbances has been proven in [PT09]. However, the results of [PT09] 
cannot be easily used for the construction of symbolic models because they rely on the computation of sets of 
reachable states which is a difficult task in general. In this work we propose alternative symbolic models to the 
ones proposed in [PT09] which are proven to be effectively computable. The key ingredient in our results is 
the derivation of finite approximations of the disturbance input functional space by resorting to spline analysis 
[Sch73]. Spline analysis has been also employed in [PPDT10, PPDB10] for deriving symbolic models of 
time-delay systems. As discussed in the paper, the approximation scheme proposed in [PPDT10, PPDB10] cannot 
be used in this framework because it would lead to symbolic models that cannot be effectively constructed. 
For this reason in this paper we elaborate alternative spline-based approximation schemes for the disturbance 
input functional space which instead guarantee the effective computation of the proposed symbolic models. 
The main contribution of this paper lies in showing that: 

If the control system is incrementally stable and the disturbance input signals are bounded and Lipschitz 
continuous then symbolic models can be effectively constructed which are shown to be alternating approximately 
bisimilar to the original control systems with any desired accuracy. 

A preliminary version of this work appeared in the conference publication [BPD11]. This paper is organized as 
follows. Preliminary definitions are recalled in Section 2. In Section 3 we propose a spline-based approximation 
scheme for the disturbance input functional space. In Section 4 we show how to construct symbolic models 
that approximate nonlinear control systems affected by disturbances in the sense of alternating approximate 
bisimulation. Section 5 shows an illustrative example. Finally Section 6 offers some concluding remarks. 



2. Preliminary definitions 

2.1. Notation. A singleton is a set containing exactly one element. The identity map on a set $A$ is denoted 
by $1_A$. Given two sets $A$ and $B$, if $A$ is a subset of $B$ we denote by $\imath_A : A \hookrightarrow B$ or simply by $\imath$ the natural 
inclusion map taking any $a \in A$ to $\imath(a) = a \in B$. Given a function $f : A \to B$ the symbol $f(A)$ denotes the 
image of $A$ through $f$, i.e. $f(A) := \{b \in B : \exists a \in A \text{ s.t. } b = f(a)\}$; if $C \subset A$ we denote by $f|_C$ the restriction 
of $f$ to $C$, i.e. $f|_C(x) := f(x)$ for any $x \in C$. Given a relation $\mathcal{R} \subseteq A \times B$, the symbol $\mathcal{R}^{-1}$ denotes the 
inverse relation of $\mathcal{R}$, i.e. $\mathcal{R}^{-1} := \{(b,a) \in B \times A : (a,b) \in \mathcal{R}\}$; we set $\mathcal{R}(A) = \{b \in B \mid \exists a \in A \text{ s.t. } (a,b) \in \mathcal{R}\}$ 
and $\mathcal{R}^{-1}(B) = \{a \in A \mid \exists b \in B \text{ s.t. } (a,b) \in \mathcal{R}\}$. The symbols $\mathbb{N}$, $\mathbb{Z}$, $\mathbb{R}$, $\mathbb{R}^+$ and $\mathbb{R}_0^+$ denote the set of natural, 
integer, real, positive real, and nonnegative real numbers, respectively. Given a vector $x \in \mathbb{R}^n$, we denote 
by $\|x\|$ the infinity norm of $x$. Given a measurable function $f : \mathbb{R}_0^+ \to \mathbb{R}^n$, the (essential) supremum of $f$ is 
denoted by $\|f\|_\infty$. Given $\mu \in \mathbb{R}^+$ and $A \subseteq \mathbb{R}^n$, we denote by $\mu A$ the set $\{b \in \mathbb{R}^n \mid \exists a \in A \text{ s.t. } b = \mu a\}$. A 
continuous function $\gamma : \mathbb{R}_0^+ \to \mathbb{R}_0^+$ is said to belong to class $\mathcal{K}$ if it is strictly increasing and $\gamma(0) = 0$; function 
$\gamma$ is said to belong to class $\mathcal{K}_\infty$ if $\gamma \in \mathcal{K}$ and $\gamma(r) \to \infty$ as $r \to \infty$. A continuous function $\beta : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ 
is said to belong to class $\mathcal{KL}$ if, for each fixed $s$, the map $\beta(r,s)$ belongs to class $\mathcal{K}_\infty$ with respect to $r$ and, 
for each fixed $r$, the map $\beta(r,s)$ is decreasing with respect to $s$ and $\beta(r,s) \to 0$ as $s \to \infty$. The symbol 
$C^0([0,\tau];Y)$ denotes the set of continuous functions from a closed interval of the form $[0,\tau]$ with $\tau \in \mathbb{R}^+$ to 
a set $Y \subseteq \mathbb{R}^m$. Consider a bounded set $A \subseteq \mathbb{R}^n$ with interior. Let $H = [a_1,b_1] \times [a_2,b_2] \times \cdots \times [a_n,b_n]$ be 
the smallest hyperrectangle containing $A$ and set $\hat{\mu}_A = \min_{i=1,2,\ldots,n}(b_i - a_i)$. It is readily seen that for any 
$\mu \le \hat{\mu}_A$ and any $a \in A$ there always exists $b \in (2\mu\mathbb{Z}^n) \cap A$ such that $\|a - b\| \le \mu$. 

2.2. Control systems and incremental stability. In this paper we consider the following nonlinear control 
system: 

(2.1) $$\dot{x} = f(x,u,d),$$

where $x \in X \subseteq \mathbb{R}^n$ is the state, $u \in U \subseteq \mathbb{R}^m$ and $d \in D \subseteq \mathbb{R}^l$ are the control and disturbance inputs. We 
suppose that $f(0,0,0) = 0$, the set $X$ is convex with the origin as an interior point and the sets $U$ and $D$ 
are compact, convex, with the origin as an interior point. Control input functions are supposed to belong to 
the set $\mathcal{U}$ of piecewise-constant functions of time from intervals of the form $]a,b[ \subseteq \mathbb{R}$ to $U$. Disturbance input 
functions are supposed to belong to the set $\mathcal{D}$ of continuous functions of time of the form $d : ]a,b[ \subseteq \mathbb{R} \to D$ 
satisfying the following Lipschitz assumption: there exists $\kappa_d \in \mathbb{R}^+$ such that: 

(2.2) $$\|d(t_2) - d(t_1)\| \le \kappa_d |t_2 - t_1|,$$

for any $d \in \mathcal{D}$ and $t_1, t_2 \in ]a,b[$. Function $f : \mathbb{R}^n \times U \times D \to \mathbb{R}^n$ is continuous and enjoys the following Lipschitz 
assumption: for every compact set $K \subset \mathbb{R}^n$, there exists a constant $\kappa \in \mathbb{R}^+$ such that 



for all $x, y \in K$, $u \in U$ and $d \in D$. In the sequel, we refer to the nonlinear control system in (2.1) by means 
of the tuple: 

(2.3) $$\Sigma = (X, \mathcal{U}, \mathcal{D}, f),$$

where each entity has been defined above. Since control inputs are piecewise-constant, system $\Sigma$ is often 
referred to in the literature as a nonlinear sample-data control system, see e.g. [NT01]. 

A curve $\xi : ]a,b[ \to \mathbb{R}^n$ is said to be a trajectory of $\Sigma$ if there exist $u \in \mathcal{U}$ and $d \in \mathcal{D}$ satisfying 

$$\dot{\xi}(t) = f(\xi(t), u(t), d(t)),$$

for almost all $t \in ]a,b[$. Although we have defined trajectories over open domains, we shall refer to trajectories 
$\xi : [0,\tau] \to \mathbb{R}^n$ defined on closed domains $[0,\tau]$, $\tau \in \mathbb{R}^+$ with the understanding of the existence of a trajectory 
$\xi' : ]a,b[ \to \mathbb{R}^n$ such that $\xi = \xi'|_{[0,\tau]}$. We also write $\xi_{xud}(t)$ to denote the point reached at time $t$ under the 
control input $u$ and disturbance input $d$ from initial condition $x$; this point is uniquely determined, since the 
assumptions on $f$ ensure existence and uniqueness of trajectories [Son98]. A control system $\Sigma$ is said to be 
forward complete if every trajectory is defined on an interval of the form $]a,\infty[$. Sufficient and necessary 
conditions for a system to be forward complete can be found in [AS99]. In the sequel, we will make use of the 
following stability notion. 

Definition 2.1. [Ang02] A control system $\Sigma$ is incrementally input-to-state stable ($\delta$-ISS) if it is forward 
complete and there exist a $\mathcal{KL}$ function $\beta$ and two $\mathcal{K}_\infty$ functions $\gamma_u$ and $\gamma_d$ such that for any $t \in \mathbb{R}_0^+$, any 
$x_1, x_2 \in \mathbb{R}^n$, any $u_1, u_2 \in \mathcal{U}$ and any $d_1, d_2 \in \mathcal{D}$, the following inequality is satisfied: 

$$\|\xi_{x_1u_1d_1}(t) - \xi_{x_2u_2d_2}(t)\| \le \beta(\|x_1 - x_2\|, t) + \gamma_u(\|u_1 - u_2\|_\infty) + \gamma_d(\|d_1 - d_2\|_\infty).$$

The above incremental stability notion can be characterized in terms of dissipation inequalities, as follows. 

Definition 2.2. [Ang02] A smooth function $V : \mathbb{R}^n \times \mathbb{R}^n \to \mathbb{R}$ is called a $\delta$-ISS Lyapunov function for a 
control system $\Sigma = (X, \mathcal{U}, \mathcal{D}, f)$ if there exist $\lambda \in \mathbb{R}^+$ and $\mathcal{K}_\infty$ functions $\underline{\alpha}$, $\overline{\alpha}$, $\sigma_u$ and $\sigma_d$ such that for any 
$x_1, x_2 \in X$, any $u_1, u_2 \in U$ and any $d_1, d_2 \in D$ the following conditions hold true: 

(i) $\underline{\alpha}(\|x_1 - x_2\|) \le V(x_1,x_2) \le \overline{\alpha}(\|x_1 - x_2\|)$, 

(ii) $\frac{\partial V}{\partial x_1} f(x_1,u_1,d_1) + \frac{\partial V}{\partial x_2} f(x_2,u_2,d_2) \le -\lambda V(x_1,x_2) + \sigma_u(\|u_1 - u_2\|) + \sigma_d(\|d_1 - d_2\|)$. 

The following result adapted from [Ang02] completely characterizes $\delta$-ISS in terms of existence of $\delta$-ISS 
Lyapunov functions. 

Theorem 2.3. The control system $\Sigma$ in (2.3) is $\delta$-ISS if and only if it admits a $\delta$-ISS Lyapunov function. 



2.3. Transition systems and approximate equivalence notions. We will use alternating transition 
systems [AHKV98] to describe both control systems as well as their symbolic models. 

Definition 2.4. An (alternating) transition system $T$ is a quintuple: 

$$T = (Q, L, \longrightarrow, O, H),$$

consisting of: 

• a set of states $Q$; 

• a set of labels $L = A \times B$, where: 

- $A$ is the set of control labels, 

- $B$ is the set of disturbance labels; 

• a transition relation $\longrightarrow \subseteq Q \times L \times Q$; 

• a set of outputs $O$; 

• an output function $H : Q \to O$. 

A transition $(q,(a,b),q') \in \longrightarrow$ is denoted by $q \xrightarrow{(a,b)} q'$. A state run of $T$ is a sequence of transitions: 

(2.4) $$q_1 \xrightarrow{(a_1,b_1)} q_2 \xrightarrow{(a_2,b_2)} \cdots \xrightarrow{(a_{N-1},b_{N-1})} q_N.$$

An output run is a sequence $\{o_i\}_{i \in \mathbb{N}}$ of outputs such that there exists a state run of the form (2.4) with 
$o_i = H(q_i)$, $i = 1, 2, \ldots, N$. Transition system $T$ is said to be: 

• countable, if $Q$ and $L$ are countable sets; 

• symbolic, if $Q$ and $L$ are finite sets; 

• metric, if the output set $O$ is equipped with a metric $d : O \times O \to \mathbb{R}_0^+$. 

In the sequel we consider bisimulation relations [Mil89, Par81] to relate properties of control systems and 
symbolic models. Intuitively, a bisimulation relation between a pair of transition systems $T_1$ and $T_2$ is a relation 
between the corresponding state sets explaining how a state run $r_1$ of $T_1$ can be transformed into a state run $r_2$ 
of $T_2$, and vice versa. While typical bisimulation relations require that $r_1$ and $r_2$ have the same output run, i.e. 
$H_1(r_1) = H_2(r_2)$, the notion of approximate bisimulation relation, introduced in [GP07], relaxes this condition 
and requires that $H_1(r_1)$ is simply close to $H_2(r_2)$, where closeness is measured with respect to a metric on 
the set of outputs. In this work we consider a generalization of approximate bisimulation, called alternating 
approximate bisimulation, that has been introduced in [PT09] to relate properties of control systems affected 
by disturbances and their symbolic models. 

Definition 2.5. Consider a pair of metric transition systems $T_1 = (Q_1, A_1 \times B_1, \xrightarrow[1]{}, O_1, H_1)$ and 
$T_2 = (Q_2, A_2 \times B_2, \xrightarrow[2]{}, O_2, H_2)$ with the same set of outputs $O_1 = O_2$ and metric $d$ and consider a precision 
$\varepsilon \in \mathbb{R}_0^+$. A relation 

$$\mathcal{R} \subseteq Q_1 \times Q_2$$

is said to be an alternating $\varepsilon$-approximate ($A\varepsilon A$) bisimulation relation between $T_1$ and $T_2$ if for all $(q_1,q_2) \in \mathcal{R}$ 
the following conditions are satisfied: 

(i) $d(H_1(q_1), H_2(q_2)) \le \varepsilon$; 

(ii) $\forall a_1 \in A_1\ \exists a_2 \in A_2\ \forall b_2 \in B_2\ \exists b_1 \in B_1$ such that $q_1 \xrightarrow[1]{(a_1,b_1)} q_1'$, $q_2 \xrightarrow[2]{(a_2,b_2)} q_2'$ and $(q_1',q_2') \in \mathcal{R}$; 

(iii) $\forall a_2 \in A_2\ \exists a_1 \in A_1\ \forall b_1 \in B_1\ \exists b_2 \in B_2$ such that $q_1 \xrightarrow[1]{(a_1,b_1)} q_1'$, $q_2 \xrightarrow[2]{(a_2,b_2)} q_2'$ and $(q_1',q_2') \in \mathcal{R}$. 

Transition systems $T_1$ and $T_2$ are alternating $\varepsilon$-approximately ($A\varepsilon A$) bisimilar if there exists an $A\varepsilon A$ 
bisimulation relation $\mathcal{R}$ such that $\mathcal{R}(Q_1) = Q_2$ and $\mathcal{R}^{-1}(Q_2) = Q_1$. 

As discussed in [PT09], the notion of alternating approximate bisimulation guarantees that control strategies 
synthesized on symbolic models, based on alternating approximate bisimulations, can be readily transferred 
to the original model, independently of the particular realization of the disturbance inputs. When sets $B_1$ and 
$B_2$ are singletons, the above notion boils down to approximate bisimulation [GP07]. When $\varepsilon = 0$, the above 
notion can be viewed as the two-player version of alternating bisimulation [AHKV98]. 



3. Spline approximation of the disturbance space 

One of the key ingredients in the results presented in this paper is the approximation of the disturbance input 
functional space through spline analysis [Sch73]. In this section we describe this approximation scheme. Given 
a time parameter $\tau \in \mathbb{R}^+$, define 

$$\mathcal{D}_\tau := \{d \in \mathcal{D} \mid \text{the domain of } d \text{ is } [0,\tau]\},$$

and set 

(3.1) $$M = \sup_{d \in \mathcal{D}_\tau} \|d\|_\infty.$$

In the sequel we propose an approximation of the functional space $\mathcal{D}_\tau$ in the sense of the following definition. 

Definition 3.1. A map 

$$\mathcal{A} : \mathbb{R}^+ \to 2^{C^0([0,\tau];D)}$$

is a finite inner approximation of $\mathcal{D}_\tau$ if for any desired precision $\theta \in \mathbb{R}^+$ the following properties hold: 

(i) $\mathcal{A}(\theta)$ is a finite set; 

(ii) $\mathcal{A}(\theta) \subseteq \mathcal{D}_\tau$; 

(iii) for any $d \in \mathcal{D}_\tau$ there exists $z \in \mathcal{A}(\theta)$ such that $\|d - z\|_\infty \le \theta$. 

We start by recalling from [Sch73] the notion of spline. Given $N \in \mathbb{N}$ consider the following functions: 

$$s_0(t) = \begin{cases} 1 - t/h, & t \in [0,h], \\ 0, & \text{otherwise}, \end{cases}$$

$$s_i(t) = \begin{cases} 1 - i + t/h, & t \in [(i-1)h, ih], \\ 1 + i - t/h, & t \in [ih, (i+1)h], \\ 0, & \text{otherwise}, \end{cases} \qquad i = 1, 2, \ldots, N,$$

$$s_{N+1}(t) = \begin{cases} 1 + (t - \tau)/h, & t \in [\tau - h, \tau], \\ 0, & \text{otherwise}, \end{cases}$$

where $h = \tau/(N+1)$. Functions $s_i$ called splines are used to approximate $\mathcal{D}_\tau$. More precisely, the 
approximation scheme that we propose is based on the following three steps: 

• We first scale function $d \in \mathcal{D}_\tau$ (Figure 1, first panel) to get the function $d_1 = \rho d$ with: 

$$\rho = 1 - \max\left\{\frac{\mu}{M}, \frac{2\mu}{\kappa_d h}\right\},$$

where $M$ is as in (3.1), $\kappa_d$ is as in (2.2) and $\mu \in \mathbb{R}^+$ is a suitable quantization parameter whose role 
will be clear in the sequel. 

• We then approximate function $d_1 \in \mathcal{D}_\tau$ (Figure 1, second panel) by means of the piecewise-linear 
function $d_2$ (Figure 1, third panel) obtained by the linear combination of the $N+2$ splines $s_i$ centered 
at times $t = ih$ with amplitudes $d_1(ih)$.¹ 

• We finally approximate function $d_2$ by means of function $d_3$ (Figure 1, fourth panel) obtained by the 
linear combination of the $N+2$ splines $s_i$ centered at times $t = ih$ with amplitudes $d_3^i$ chosen in the 
lattice $[D]_{2\mu} = (2\mu\mathbb{Z}^l) \cap D$ and minimizing the distance from $d_2(ih)$, i.e.² 

$$d_3^i = \arg\min_{d \in [D]_{2\mu}} \|d - d_2(ih)\|.$$

Given $N \in \mathbb{N}$ and $\mu \in \mathbb{R}^+$ define the following functions: 

(3.2) $$\rho_{\kappa_d,\tau,M}(N,\mu) = 1 - \max\left\{\frac{\mu}{M}, \frac{2\mu}{\kappa_d h}\right\},$$

(3.3) $$\Theta_{\kappa_d,\tau,M}(N,\mu) = (1 - \rho_{\kappa_d,\tau,M}(N,\mu))M + (1 + \rho_{\kappa_d,\tau,M}(N,\mu))\kappa_d h + \mu,$$

where we recall $h = \tau/(N+1)$. Function $\Theta_{\kappa_d,\tau,M}$ will be shown to be an upper bound of the error associated to the 
approximation scheme that we propose for $\mathcal{D}_\tau$. The following technical result will be useful in the sequel. 

¹ This second step allows us to approximate the infinite-dimensional space $\mathcal{D}_\tau$ by means of the finite-dimensional space $D^{N+2}$. 
² This third step allows us to approximate the finite-dimensional space $D^{N+2}$ by means of the finite set $([D]_{2\mu})^{N+2}$. 

Figure 1. Spline-based inner approximation scheme of the disturbance input functional space. 



Lemma 3.2. For any $\theta \in \mathbb{R}^+$ there exist $N \in \mathbb{N}$ and $\mu \in \mathbb{R}^+$ such that 

(3.4) $$\Theta_{\kappa_d,\tau,M}(N,\mu) \le \theta, \qquad \rho_{\kappa_d,\tau,M}(N,\mu) > 0.$$

Proof. Choose $\mu = \frac{1}{(N+1)^2}$, $N \in \mathbb{N}$. Function $\rho_{\kappa_d,\tau,M}(N,\mu)$ in Eq. (3.2) rewrites as 

$$\rho_{\kappa_d,\tau,M}\left(N, \frac{1}{(N+1)^2}\right) = 1 - \max\left\{\frac{1}{M(N+1)^2}, \frac{2}{\kappa_d \tau (N+1)}\right\}.$$

The right-hand side of the previous equality is increasing with $N$, and it converges to 1 as $N$ goes to infinity; 
then it is clear that for a sufficiently large $N$ one gets $\rho_{\kappa_d,\tau,M}\left(N, \frac{1}{(N+1)^2}\right) > 0$. Furthermore, one can write 
the following upper-bound for the function $\Theta_{\kappa_d,\tau,M}(N,\mu)$ in (3.3): 

$$\Theta_{\kappa_d,\tau,M}\left(N, \frac{1}{(N+1)^2}\right) = \max\left\{\frac{1}{M(N+1)^2}, \frac{2}{\kappa_d \tau (N+1)}\right\} M + \left(2 - \max\left\{\frac{1}{M(N+1)^2}, \frac{2}{\kappa_d \tau (N+1)}\right\}\right) \frac{\kappa_d \tau}{N+1} + \frac{1}{(N+1)^2}$$

$$\le \frac{1}{N+1}\left(\max\left\{\frac{1}{N+1}, \frac{2M}{\kappa_d \tau}\right\} + 2\kappa_d \tau + \frac{1}{N+1}\right).$$

The right-hand side of the previous inequality is decreasing with $N$, and goes to zero as $N$ goes to infinity. 
Hence, the result follows. □ 

We are now ready to formally introduce the approximation scheme of the disturbance input functional space. 
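Definition 3.3. Consider the map 

$$\mathcal{A}_{\mathcal{D}_\tau} : \mathbb{R}^+ \to 2^{C^0([0,\tau];D)}$$

that associates to any precision $\theta \in \mathbb{R}^+$ the set $\mathcal{A}_{\mathcal{D}_\tau}(\theta)$ consisting of the collection of all functions: 

(3.5) $$z(t) := \sum_{i=0}^{N_\theta+1} z_i s_i(t), \qquad t \in [0,\tau],$$

satisfying the following conditions: 

(i) $z_i \in (2\mu_\theta \mathbb{Z}^l) \cap D$ for any $i = 0, 1, \ldots, N_\theta + 1$, 

(ii) $\|z_{i+1} - z_i\| \le \kappa_d \tau/(N_\theta + 1)$ for any $i = 0, 1, \ldots, N_\theta$, 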

with = ram{9, £id} where flu is defined in Section 2.1. 

Remark 3.4. Since the set $D$ is compact, the set $(2\mu_\theta \mathbb{Z}^l) \cap D$ is finite. Therefore, the set $\mathcal{A}_{\mathcal{D}_\tau}(\theta)$ is composed 
of a finite number of functions that can be effectively computed. 

The following technical result will be used in the sequel. 

Lemma 3.5. For any $\theta \in \mathbb{R}^+$, $\mathcal{A}_{\mathcal{D}_\tau}(\theta) \subseteq \mathcal{D}_\tau$. 

Proof. In order to show that any function $z$ in (3.5) is in $\mathcal{D}_\tau$, we need to show that $z$ enjoys the Lipschitz 
condition (2.2) and $\|z\|_\infty \le M$. Since $z$ is continuous and defined over the interval $[0,\tau]$, by the triangle 
inequality it suffices to show that (2.2) holds for any $t_1, t_2 \in [ih, (i+1)h]$, $i = 0, \ldots, N_\theta$. By Eq. (3.5) and the 
definition of spline, the function $z$ is piecewise-linear and is linear in the interval $[ih, (i+1)h]$, with $z(ih) = z_i$. 
Hence one can write for any $t_1, t_2 \in [ih, (i+1)h]$: 

(3.6) $$\frac{\|z(t_2) - z(t_1)\|}{|t_2 - t_1|} = \frac{\|z((i+1)h) - z(ih)\|}{h} = \frac{\|z_{i+1} - z_i\|}{h} \le \kappa_d,$$

where the last step holds by condition (ii) in Definition 3.3, concluding the proof of the Lipschitz 
condition. We next show that the boundedness condition holds as well. Since $z$ is piecewise-linear, 
$\|z\|_\infty = \max_{i=0,\ldots,N_\theta+1} \|z_i\|$, hence we just need to show that $\|z_i\| \le M$ for all $i$. From condition (i) in Definition 3.3, 
$z_i \in D$, implying from (3.1) that $\|z_i\| \le M$, which concludes the proof. □ 



We are now ready to present the main result of this section. 

Theorem 3.6. Map $\mathcal{A}_{\mathcal{D}_\tau}$ in Definition 3.3 is a finite inner approximation of $\mathcal{D}_\tau$. 

Proof. Consider any precision $\theta \in \mathbb{R}^+$. For notational simplicity we set $\rho_{\kappa_d,\tau,M}(N_\theta, \mu_\theta) = \rho$. As discussed 
in Remark 3.4 the set $\mathcal{A}_{\mathcal{D}_\tau}(\theta)$ is finite. Hence, condition (i) in Definition 3.1 is satisfied. Condition (ii) in 
Definition 3.1 is implied by Lemma 3.5. We now show that also condition (iii) in Definition 3.1 is satisfied. 
For any function $d \in \mathcal{D}_\tau$ consider a function $z$ as in (3.5) where for any $i = 0, 1, \ldots, N_\theta + 1$ vectors $z_i$ are chosen 
in the set $2\mu_\theta \mathbb{Z}^l$ such that: 

(3.7) $$\|z_i - \rho d(ih)\| \le \mu_\theta.$$

We first prove that vectors $z_i$ are in the set $D$, showing that $\|z_i\| \le M$ for all $i$. From Eq. (3.7), by using 
the triangle inequality and the definition of $\rho$ in (3.2), one can write: 

$$\|z_i\| = \|z_i - \rho d(ih) + \rho d(ih)\| \le \|z_i - \rho d(ih)\| + \|\rho d(ih)\| \le \mu_\theta + \rho M \le \mu_\theta + \left(1 - \frac{\mu_\theta}{M}\right) M = \mu_\theta + M - \mu_\theta = M,$$

which concludes the proof of the existence of such values $z_i \in (2\mu_\theta \mathbb{Z}^l) \cap D$, as in condition (i) of Definition 
3.3. We now show that also condition (ii) is satisfied. From (3.7), the following chain of inequalities holds: 

$$\|z_{i+1} - z_i\| \le \|z_{i+1} - \rho d((i+1)h)\| + \|\rho d((i+1)h) - \rho d(ih)\| + \|\rho d(ih) - z_i\|$$
$$\le \rho \|d((i+1)h) - d(ih)\| + 2\mu_\theta$$
$$\le \rho \kappa_d h + 2\mu_\theta \le \left(1 - \frac{2\mu_\theta}{\kappa_d h}\right) \kappa_d h + 2\mu_\theta = \kappa_d h,$$

where $h = \tau/(N_\theta + 1)$ and the last inequality holds by the definition of function $\rho$ in (3.2). Hence, condition 
(ii) in Definition 3.3 is satisfied and $z \in \mathcal{A}_{\mathcal{D}_\tau}(\theta)$. In order to conclude the proof of condition (iii) in Definition 
3.1 we need to show that $\|d - z\|_\infty \le \theta$. By the assumptions on the disturbance space, the following chain of 
inequalities holds: 

$$\|d - z\|_\infty = \max_{i=0,1,\ldots,N_\theta,\ t \in [0,h]} \|d(ih + t) - z(ih + t)\|$$
$$\le \max_{i=0,1,\ldots,N_\theta,\ t \in [0,h]} \big(\|d(ih + t) - \rho d(ih + t)\| + \|\rho d(ih + t) - \rho d(ih)\| + \|\rho d(ih) - z(ih)\| + \|z(ih) - z(ih + t)\|\big)$$
$$\le (1 - \rho)M + (1 + \rho)\kappa_d h + \mu_\theta$$
$$= \Theta_{\kappa_d,\tau,M}(N_\theta, \mu_\theta) \le \theta,$$

where the last step holds by Eq. (3.3) and by definition of $N_\theta$ and $\mu_\theta$. From the above chain of inequalities, 
condition (iii) in Definition 3.1 is satisfied, which concludes the proof. □ 
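
The three-step scheme of this section, written out for a scalar disturbance as an added example (not code from the paper). It uses the pendulum parameters of Section 5; the function names, the sample disturbance `d_sample` and the sampled sup-norm estimate are assumptions of this sketch.

```python
import math


def rho(kappa_d, tau, M, N, mu):
    """Scaling factor (3.2): 1 - max{mu/M, 2*mu/(kappa_d*h)} with h = tau/(N+1)."""
    h = tau / (N + 1)
    return 1.0 - max(mu / M, 2.0 * mu / (kappa_d * h))


def theta_bound(kappa_d, tau, M, N, mu):
    """Error bound (3.3): (1-rho)*M + (1+rho)*kappa_d*h + mu."""
    h = tau / (N + 1)
    r = rho(kappa_d, tau, M, N, mu)
    return (1.0 - r) * M + (1.0 + r) * kappa_d * h + mu


def lemma_3_2_choice(theta, kappa_d, tau, M, n_max=10**6):
    """Smallest N such that mu = 1/(N+1)^2 (the choice made in the proof of
    Lemma 3.2) gives rho > 0 and Theta <= theta."""
    for N in range(n_max):
        mu = 1.0 / (N + 1) ** 2
        if rho(kappa_d, tau, M, N, mu) > 0 and theta_bound(kappa_d, tau, M, N, mu) <= theta:
            return N, mu
    raise ValueError("no admissible N below n_max")


def approximate(d, kappa_d, tau, M, N, mu, D, tol=1e-12):
    """Three-step scheme for a scalar disturbance d: [0, tau] -> D = (d_low, d_high).
    Returns the knot amplitudes z_0..z_{N+1} of the piecewise-linear approximant."""
    h = tau / (N + 1)
    r = rho(kappa_d, tau, M, N, mu)
    if r <= 0:
        raise ValueError("rho must be positive: decrease mu or N")
    # Steps 1-3: scale by rho, sample at t = i*h, snap to the lattice 2*mu*Z.
    z = [2.0 * mu * round(r * d(i * h) / (2.0 * mu)) for i in range(N + 2)]
    # Condition (i) of Definition 3.3: amplitudes stay inside D.
    if not all(D[0] - tol <= zi <= D[1] + tol for zi in z):
        raise ValueError("knot amplitude left D")
    # Condition (ii): consecutive amplitudes respect the Lipschitz bound.
    if not all(abs(z[i + 1] - z[i]) <= kappa_d * h + tol for i in range(N + 1)):
        raise ValueError("Lipschitz condition violated")
    return z


def evaluate(z, tau, t):
    """z(t) = sum_i z_i * s_i(t); with hat splines this is linear interpolation."""
    N = len(z) - 2
    h = tau / (N + 1)
    i = min(int(t / h), N)
    w = t / h - i
    return (1.0 - w) * z[i] + w * z[i + 1]


def sup_error(d, z, tau, samples=2001):
    """Sampled estimate of ||d - z||_inf on [0, tau]."""
    grid = (tau * k / (samples - 1) for k in range(samples))
    return max(abs(d(t) - evaluate(z, tau, t)) for t in grid)


# Parameters of the pendulum example (Section 5).
KAPPA_D, TAU, D_SET = 0.002, 1.0, (-0.01, 0.02)
M_SUP = 0.02  # sup of |d| over D, as in (3.1)


def d_sample(t):
    """Constructed disturbance with values in D and Lipschitz constant KAPPA_D."""
    amp, mid = 0.5 * (D_SET[1] - D_SET[0]), 0.5 * (D_SET[1] + D_SET[0])
    return amp * math.cos(KAPPA_D * t / amp) + mid


if __name__ == "__main__":
    N, mu = 0, 1.43e-4
    z = approximate(d_sample, KAPPA_D, TAU, M_SUP, N, mu, D_SET)
    print("rho   =", rho(KAPPA_D, TAU, M_SUP, N, mu))
    print("Theta =", theta_bound(KAPPA_D, TAU, M_SUP, N, mu))
    print("knots =", z, " sup error =", sup_error(d_sample, z, TAU))
    print("Lemma 3.2 choice for theta = 0.007:", lemma_3_2_choice(0.007, KAPPA_D, TAU, M_SUP))
```

The constructive choice $\mu = 1/(N+1)^2$ from the proof of Lemma 3.2 meets the same precision only for a far larger $N$ than the hand-picked pair used in Section 5, which is why the pair $(N, \mu)$ is worth tuning directly against (3.3).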



Remark 3.7. Spline approximation of functional spaces has been also employed in [PPDT10, PPDB10] for 
deriving symbolic models of nonlinear time-delay systems. The approximation scheme here proposed is 
different from the one proposed in [PPDT10, PPDB10] as it can be readily seen by comparing Definition 3.1 
and Definition 6 in [PPDT10] (also employed in [PPDB10]). In particular the notion of approximation here 
considered is stronger than the one used in [PPDT10, PPDB10], as it can be easily checked by comparing 
conditions (ii) in the two definitions. As discussed in the sequel, this notion allows us to provide symbolic 
models for nonlinear control systems affected by disturbances which can be effectively constructed whereas the 
notion employed in [PPDT10, PPDB10] does not. 

4. Alternating approximately bisimilar symbolic models 

In this section, we propose symbolic models that approximate nonlinear control systems with disturbances in 
the sense of alternating approximate bisimulation. 

Given the control system $\Sigma = (X, \mathcal{U}, \mathcal{D}, f)$ in (2.3) and a sampling time parameter $\tau \in \mathbb{R}^+$, consider the 
following transition system: 

$$T_\tau(\Sigma) := (X, \mathcal{U}_\tau \times \mathcal{D}_\tau, \xrightarrow[\tau]{}, O, H),$$

where: 

• $\mathcal{U}_\tau = \{u \in \mathcal{U} \mid \text{the domain of } u \text{ is } [0,\tau] \text{ and } u(t) = u(0),\ t \in [0,\tau]\}$; 

• $x \xrightarrow[\tau]{(u,d)} x'$ if there exists a trajectory $\xi : [0,\tau] \to X$ of $\Sigma$ satisfying $\xi_{xud}(\tau) = x'$; 

Transition system $T_\tau(\Sigma)$ is metric when we regard $O = X$ as being equipped with the metric $d(p,q) = \|p - q\|$. 
Transition system $T_\tau(\Sigma)$ can be thought of as the time discretization of the control system $\Sigma$. For notational 
simplicity, in the following we denote by $u$ any constant control input $u$ s.t. $u(t) = u$ for all $t \in [0,\tau]$. Consider 
a vector of quantization parameters 

(4.1) $$\mathsf{P} = (\tau, \mu_x, \mu_u, \mu_d, N),$$

and define the following transition system: 

(4.2) $$T_\mathsf{P}(\Sigma) := (Q_\mathsf{P}, L_\mathsf{P}, \xrightarrow[\mathsf{P}]{}, O_\mathsf{P}, H_\mathsf{P}),$$

where: 

• $Q_\mathsf{P} = (2\mu_x \mathbb{Z}^n) \cap X$; 

• $L_\mathsf{P} = A_\mathsf{P} \times B_\mathsf{P}$ where: 

- $A_\mathsf{P} = (2\mu_u \mathbb{Z}^m) \cap U$; 

- $B_\mathsf{P} = \mathcal{A}_{\mathcal{D}_\tau}(\Theta_{\kappa_d,\tau,M}(N,\mu_d))$ where $\mathcal{A}_{\mathcal{D}_\tau}$ is a finite inner approximation of $\mathcal{D}_\tau$, as in Definition 3.3 
and function $\Theta$ is defined as in (3.3); 

• $x \xrightarrow[\mathsf{P}]{(u,d)} y$ if $\|\xi_{xud}(\tau) - y\| \le \mu_x$; 

• $O_\mathsf{P} = X$; 

• $H_\mathsf{P} = \imath : Q_\mathsf{P} \hookrightarrow O_\mathsf{P}$. 

Remark 4.1. It is readily seen that the transition system $T_\mathsf{P}(\Sigma)$ is countable and it becomes symbolic when 
the set of states $X$ is bounded. As stressed in Remark 3.4 the set of control and disturbance inputs $L_\mathsf{P}$ can 
be effectively computed from which the transition system $T_\mathsf{P}(\Sigma)$ can be effectively computed. 

We now have all the ingredients to present the main result of this paper. 

Theorem 4.2. Consider the control system $\Sigma = (X, \mathcal{U}, \mathcal{D}, f)$ in (2.3) and suppose that: 

(A1) There exists a $\delta$-ISS Lyapunov function satisfying the inequality (ii) in Definition 2.2 for some $\lambda \in \mathbb{R}^+$. 
(A2) There exists a $\mathcal{K}_\infty$ function $\gamma$ such that³ 

$$V(x,x') - V(x,x'') \le \gamma(\|x' - x''\|),$$

for every $x, x', x'' \in X$. 

Then, for any desired precision $\varepsilon \in \mathbb{R}^+$, any sampling time $\tau \in \mathbb{R}^+$, and any choice of quantization parameters 
in $\mathsf{P}$ satisfying the following inequalities⁴ 

(4.3) $$\frac{\max\{\sigma_u(\mu_u), \sigma_d(\theta_d)\}}{\lambda} + \frac{\gamma(\mu_x)}{1 - e^{-\lambda\tau}} \le \underline{\alpha}(\varepsilon),$$

(4.4) $$\mu_x \le \hat{\mu}_X,$$

(4.5) $$\mu_u \le \hat{\mu}_U,$$

(4.6) $$\mu_d \le \hat{\mu}_D,$$

(4.7) 

transition systems $T_\tau(\Sigma)$ and $T_\mathsf{P}(\Sigma)$ are alternating $\varepsilon$-approximately bisimilar. 

³ Note that since $V$ is smooth, if the state space $X$ is bounded, which is the case as in many real applications, one can always 
choose $\gamma(\|w - z\|) = \left(\sup_{x,y \in X} \left\|\frac{\partial V}{\partial y}(x,y)\right\|\right) \|w - z\|$. 



Before giving the proof of the above result we stress that: 

Proposition 4.3. For any desired precision $\varepsilon \in \mathbb{R}^+$ and any sampling time $\tau \in \mathbb{R}^+$, there always exists a 
choice of the vector $\mathsf{P}$ of quantization parameters such that the coupled inequalities in (4.3), (4.4), (4.5), (4.6) 
and (4.7) are satisfied. 

Proof. It is clear that a choice of sufficiently small parameters $\mu_x$, $\mu_u$ and $\theta_d$ allows to satisfy the inequalities 
in (4.3)-(4.5), since $\sigma_u$, $\sigma_d$ and $\gamma$ are $\mathcal{K}_\infty$ functions. Then, for any fixed $\theta_d$ resulting from the previous step, 
one can choose $N$ and $\mu_d$ such that the inequality in (4.7) is fulfilled (as shown in the proof of Lemma 3.2), 
and finally $\mu_d$ can be chosen small enough so that the inequality in (4.6) holds. □ 

We can now give the proof of Theorem 4.2. 



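Proof. Consider the relation $\mathcal{R} \subseteq X \times Q_\mathsf{P}$ defined by $(x,y) \in \mathcal{R}$ if and only if $V(x,y) \le \underline{\alpha}(\varepsilon)$. Condition (i) 
in Definition 2.5 is satisfied by the definition of $\mathcal{R}$ and condition (i) in Definition 2.2. Let us now show that 
condition (ii) in Definition 2.5 holds. Consider any $(x,y) \in \mathcal{R}$. By condition (4.5), for any $u_1 \in \mathcal{U}_\tau$ there exists 
$u_2 \in A_\mathsf{P} = (2\mu_u \mathbb{Z}^m) \cap U$ such that: 

(4.8) $$\|u_2 - u_1\| \le \mu_u.$$

Moreover by Lemma 3.5 for any $d_2 \in \mathcal{A}_{\mathcal{D}_\tau}(\theta_d)$ we can pick $d_1 = d_2 \in \mathcal{D}_\tau$. Set $z = \xi_{yu_2d_2}(\tau)$. By condition 
(4.4) there exists $v \in Q_\mathsf{P}$ such that: 

(4.9) $$\|z - v\| \le \mu_x.$$

Hence, by definition of $T_\mathsf{P}(\Sigma)$, the transition $y \xrightarrow[\mathsf{P}]{(u_2,d_2)} v$ is in $T_\mathsf{P}(\Sigma)$. Consider now the transition $x \xrightarrow[\tau]{(u_1,d_1)} w$ in 
$T_\tau(\Sigma)$. By Assumption (A1), condition (ii) in Definition 2.2 and the inequality in (4.8), one gets: 

$$\frac{\partial V}{\partial w} f(w,u_1,d_1) + \frac{\partial V}{\partial z} f(z,u_2,d_2) \le -\lambda V(w,z) + \sigma_u(\|u_1 - u_2\|) + \sigma_d(\|d_1 - d_2\|) \le -\lambda V(w,z) + \sigma_u(\mu_u),$$

which, by Assumption (A2), the definition of $\mathcal{R}$ and the inequality in (4.9), implies: 

$$V(w,v) \le V(w,z) + \gamma(\|z - v\|)$$
$$\le V(w,z) + \gamma(\mu_x)$$
$$\le e^{-\lambda\tau} V(x,y) + (1 - e^{-\lambda\tau}) \frac{\sigma_u(\mu_u)}{\lambda} + \gamma(\mu_x)$$
$$\le e^{-\lambda\tau} \underline{\alpha}(\varepsilon) + (1 - e^{-\lambda\tau}) \frac{\sigma_u(\mu_u)}{\lambda} + \gamma(\mu_x).$$

Hence, by the inequality in (4.3), $V(w,v) \le \underline{\alpha}(\varepsilon)$, from which $(w,v) \in \mathcal{R}$ and condition (ii) in Definition 2.5 
is proven. We now show condition (iii) in Definition 2.5. Consider any $(x,y) \in \mathcal{R}$. For any $u_2 \in A_\mathsf{P} = (2\mu_u \mathbb{Z}^m) \cap U$ 
we can pick $u_1 = u_2 \in \mathcal{U}_\tau$. Consider any $d_1 \in \mathcal{D}_\tau$. By Theorem 3.6 and condition (4.6) there exists 
$d_2 \in \mathcal{A}_{\mathcal{D}_\tau}(\theta_d)$ such that: 

(4.10) $$\|d_2 - d_1\|_\infty \le \Theta_{\kappa_d,\tau,M}(N,\mu_d) \le \theta_d.$$

Set $z = \xi_{yu_2d_2}(\tau)$. By condition (4.4) there exists $v \in Q_\mathsf{P}$ such that the inequality in (4.9) holds true. Hence, 
by definition of $T_\mathsf{P}(\Sigma)$, the transition $y \xrightarrow[\mathsf{P}]{(u_2,d_2)} v$ is in $T_\mathsf{P}(\Sigma)$. Consider now the transition $x \xrightarrow[\tau]{(u_1,d_1)} w$ in $T_\tau(\Sigma)$. 
By Assumption (A1), condition (ii) in Definition 2.2 and the inequality in (4.10), one gets: 

$$\frac{\partial V}{\partial w} f(w,u_1,d_1) + \frac{\partial V}{\partial z} f(z,u_2,d_2) \le -\lambda V(w,z) + \sigma_u(\|u_1 - u_2\|) + \sigma_d(\|d_1 - d_2\|) \le -\lambda V(w,z) + \sigma_d(\theta_d),$$

which, by Assumption (A2), the definition of $\mathcal{R}$ and the inequality in (4.9), implies: 

$$V(w,v) \le V(w,z) + \gamma(\|z - v\|)$$
$$\le V(w,z) + \gamma(\mu_x)$$
$$\le e^{-\lambda\tau} V(x,y) + (1 - e^{-\lambda\tau}) \frac{\sigma_d(\theta_d)}{\lambda} + \gamma(\mu_x)$$
$$\le e^{-\lambda\tau} \underline{\alpha}(\varepsilon) + (1 - e^{-\lambda\tau}) \frac{\sigma_d(\theta_d)}{\lambda} + \gamma(\mu_x).$$

Hence, by the inequality in (4.3), $V(w,v) \le \underline{\alpha}(\varepsilon)$, from which $(w,v) \in \mathcal{R}$ and condition (iii) in Definition 2.5 
is proven. Finally by definition of $\mathcal{R}$ it is easy to see that $\mathcal{R}(X) = Q_\mathsf{P}$ and $\mathcal{R}^{-1}(Q_\mathsf{P}) = X$. □ 

⁴ Symbols $\hat{\mu}_X$, $\hat{\mu}_U$ and $\hat{\mu}_D$ are defined as in Section 2.1. 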



5. Control design of a pendulum 



In this section, we consider a slight variation of the classical pendulum model [Kha96] where the point mass 
is subject to a horizontal acceleration, modeling e.g. the wind. The resulting dynamics is described by: 



±2 



x 2 . 



sin^i 



;X2 



dcosxi, 



where $x_1$ and $x_2$ are the angular position and velocity of the point mass, $u$ is the torque representing the 
control variable, $d$ is the (unknown) horizontal acceleration, $g = 9.8$ is the gravity acceleration, $l = 0.5$ is the 
length of the rod, $m = 0.6$ is the mass of the bob, $k = 2$ is the coefficient of friction. All constants and variables 
in $\Sigma$ are expressed in the International System. We assume $X = X_1 \times X_2$, $U = [\underline{u}, \overline{u}]$ and $D = [\underline{d}, \overline{d}]$, with 
$X_1 = [-\pi/4, \pi/4]$, $X_2 = [-0.5, 0.5]$, $\overline{u} = -\underline{u} = 1.5$, $\underline{d} = -0.01$ and $\overline{d} = 0.02$. We first construct a symbolic 
model for $\Sigma$. To this aim we apply Theorem 4.2. As a first step, we need to show that the control system $\Sigma$ 
is $\delta$-ISS. Consider the following candidate quadratic $\delta$-ISS Lyapunov function: 

$$V(x,y) = (x - y)^\top \begin{bmatrix} 1.5 & 0.3 \\ 0.3 & 1.5 \end{bmatrix} (x - y).$$

It is possible to show that $V$ satisfies condition (i) of Definition 2.2 with 

$$\underline{\alpha}(r) = 1.2 r^2, \qquad \overline{\alpha}(r) = 3.6 r^2, \qquad r \in \mathbb{R}_0^+.$$

Moreover, it is possible to show that: 

$$\frac{\partial V}{\partial x_1} f(x_1,u_1,d_1) + \frac{\partial V}{\partial x_2} f(x_2,u_2,d_2) \le -0.77\, V(x_1,x_2) + 8.76\, \|u_1 - u_2\| + 1.31\, \|d_1 - d_2\|,$$

from which condition (ii) of Definition 2.2 is fulfilled with $\lambda = 0.77$, $\sigma_u(r) = 8.76\, r$ and $\sigma_d(r) = 1.31\, r$, $r \in \mathbb{R}_0^+$. 

We consider disturbance inputs with Lipschitz constant $\kappa_d = 0.002$. For a chosen precision $\varepsilon = 0.125$, the 
inequality in (4.3) is satisfied with parameters 

$$\tau = 1, \qquad \mu_x = \pi/2000, \qquad \mu_u = 0.001, \qquad \theta_d = 0.007.$$

Figure 2. Angular trajectory of the pendulum. 

Lemma 3.2 ensures existence of parameters $\mu_d$ and $N$ satisfying the inequality: 

$$\Theta_{\kappa_d,\tau,M}(N,\mu_d) \le \theta_d.$$

One possible choice of such parameters is $\mu_d = 1.43 \cdot 10^{-4}$ and $N = 0$; the choice of the last parameter implies 
that the functional space $\mathcal{D}_\tau$ is approximated by two splines. The resulting symbolic model $T_\mathsf{P}(\Sigma)$ in (4.2) 
has been constructed and consists of 159,819 states, 1,501 control inputs and 6,366 disturbance inputs. The 
running time needed for computing $T_\mathsf{P}(\Sigma)$ is 4,679s using a laptop with CPU Intel Core 2 Duo T5500 @ 1.66 
GHz with 4 GB RAM. We do not report in the paper further details on $T_\mathsf{P}(\Sigma)$ because of its large size. Instead, 
we use the obtained symbolic model to solve the following robust control design problem with synchronization 
specifications on the angular position of the pendulum: 

• starting from $x = (0,0)$, reach $\Omega_1 = [\pi/8, \pi/4] \times X_2$; 

• stay in $\Omega_1$ for a time duration between 2s and 4s; 

• reach $\Omega_2 = [-\pi/4, -\pi/8] \times X_2$; 

• stay in $\Omega_2$ for at most 3s; 

• go back to $\Omega_1$ and stay definitively in $\Omega_1$. 

Such a specification is a simple example of more complex specifications that typically arise in multi-agent 
systems where (space) resources are shared in order to perform a cooperative task. By using standard 
fixed-point algorithms (see e.g. [Tab09]) we designed the symbolic controller enforcing the prescribed specification. 
The resulting controller has been constructed in 2,681s with a memory occupation of 716 integers. For the 
disturbance input realization 

$$d(t) = \frac{\overline{d} - \underline{d}}{2} \cos\left(\frac{2\kappa_d}{\overline{d} - \underline{d}}\, t\right) + \frac{\overline{d} + \underline{d}}{2}$$

the specification is shown in Figure 2 to be satisfied, by means of the symbolic control law illustrated in Figure 3. 



6. Conclusion 

In this paper we showed how to construct symbolic models that approximate nonlinear control systems affected 
by disturbances. Future work will focus on algorithms for the construction of the symbolic models presented 
in this paper. 

Figure 3. Symbolic control input. 